문제와 이슈/front

Content-Security-Policy

wild 2020. 8. 27. 12:00

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests

 

CSP: upgrade-insecure-requests

The HTTP Content-Security-Policy (CSP) upgrade-insecure-requests directive instructs user agents to treat all of a site's insecure URLs (those served over HTTP) as though they have been replaced with secure URLs (those served over HTTPS). This directive is

developer.mozilla.org

HTML 메타 정보에 아래와 같이 content-security-policy를 설정할 경우 http로 호출하는 모든 리소스가 자동으로 https로 호출되는 보안기능이 존재한다.

 

<meta http-equiv="content-Security-Policy" content="upgrade-insecure-requests">